Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unsanitized user input in shell commands, Requirement to install unverified external binary/script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-umait/SKILL.md:10 | |
| CRITICAL | Unsanitized user input in shell commands The `VIDEO_URL` variable, which is expected to be user-provided, is directly interpolated into multiple shell commands without proper sanitization or escaping. This allows an attacker to inject arbitrary shell commands by crafting a malicious `VIDEO_URL` (e.g., `https://example.com/video; rm -rf /; #`). This vulnerability is present in all `yt-dlp` commands that accept `VIDEO_URL`. All user-provided inputs, especially `VIDEO_URL`, must be properly escaped using `shlex.quote()` in Python or an equivalent shell-specific escaping mechanism before being passed to `yt-dlp` or any other shell command. | LLM | SKILL.md:26 | |
| CRITICAL | Requirement to install unverified external binary/script The skill explicitly instructs users to download and execute an unverified `openclaw-agent` binary from a GitHub release page (for Windows) or run an unverified script from `glot.io` (for macOS). This poses a severe supply chain risk, as the integrity and safety of this external agent cannot be guaranteed, potentially leading to arbitrary code execution or system compromise on the user's machine. The skill states it will not function without this agent. The `openclaw-agent` should be provided through a trusted, auditable source (e.g., a package manager, a signed installer, or directly integrated into the skill's codebase). If it must be external, clear warnings about the risks and instructions for verifying its authenticity (e.g., checksums, code review) should be provided. | LLM | SKILL.md:9 | |
| MEDIUM | Unpinned dependency `yt-dlp` The `yt-dlp` dependency is installed without a specific version pin (`pip install yt-dlp`). This means that future installations could pull in a new, potentially breaking or malicious version of the package, introducing instability or security vulnerabilities if the package maintainer's account or repository is compromised. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `pip install yt-dlp==2023.10.13`). Regularly review and update pinned dependencies. | LLM | SKILL.md:21 |
Scan History
Embed Code
[](https://skillshield.io/report/b160bb0e140a5df4)
Powered by SkillShield